How GDPR is shaping global data protection

At the end of last year, the EU accounted for around 15% of the world’s trade in goods. Under GDPR, any organisation that processes data relating to any individual, not only in the EU but in the economic area, must adhere to the rules that make up GDPR.

The EU’s global clout is forcing companies around the world to review their privacy arrangements. And some countries and regions are following in their wake.

There is another issue. Thanks in part to the Facebook/Cambridge Analytica saga, and before that the Snowdon leaks, the world is waking up to the dangers of how modern technology can erode our privacy. GDPR has set a high benchmark, citizens around the world are calling for more protection and some countries are following.

It is possible that we will see a kind of domino effect. That as one country adopts a GDPR type framework, so to will others: countries falling for a European style privacy framework, one at a time. A country that trades a great deal with the EU may simply find it easier to adopt its own GDPR style regulation – in this way it may spread out: like a benevolent contagion.

As GDPR itself states: privacy is a human right.

In Brazil, for example, the influence of GDPR is clear; Brazil’s new regulation even has a similar name: the General Data Protection Law, or GDPL. But the list of similarities are quite extensive: for example, cross-border jurisdiction, a risk-based system, a right to be forgotten and the right to access data, a requirement to notify data breaches; and requirements to appoint data protection officers, under certain conditions.

On the other hand, some countries may have a quite different attitude towards privacy. Take China, as another example. While its Cyber Security Law has similarities with GDPR. It does require the Chinese government to produce a written assessment before transferring data and has a certain ambiguity that has similarities with GDPR regulations concerning legitimate interests. But the overall intention is quite different: China’s social credit system, for example, seems to be the antithesis of what GDPR stands for.

This takes us to a wider point. If AI is the driver of the so-called fourth industrial revolution, then AI needs data. The danger is that in countries where data is more easily accessible, AI is given greater opportunity to evolve. Maybe then, China and other countries that ride roughshod over the human right to privacy will be at an economic advantage – and become a force pushing upwards on the dominos.

The counter argument is that neither business nor society can function without trust, and eventually countries that create this trust with people concerning their privacy may be at an advantage.

In the battle between the privacy rich and privacy poor countries we see the EU, Brazil, and Japan on one side. China on the other. The US seems to be in the middle.

California is apparently moving towards GDPR, although the California Consumer Privacy Act is softer than the EU regulation, it is similar. But the Californian privacy law is controversial. Recently a number of trade associations wrote to Californian lawmakers asking for the rules to be watered down. The influence of GDPR is clear, but it is not certain that the final rule will resemble GDPR to that great an extent. For those following the big techs, it leaves a puzzle. On the one hand, many of them say they support GDPR and the privacy of their customers is paramount, on the other hand, some are objecting to the Californian legislation.

And while some US states are adopting some privacy and cyber security laws, the response from the US government is quite different. The US Commerce Secretary Wilbur Ross said that GDPR is a threat to trade between the US and EU.

In Japan the Act on the Protection of Personal Information was amended in May 2017, and in a recent meeting between Commissioner Haruhi Kumazawa of Japan and Commissioner Věra Jourová of EU, a joint communique was released saying that the two countries were moving to a position such that Japan that an adequacy agreement will be in place.

In Canada, The Personal Information Protection and Electronic Documents Act, known as PIPEDA, falls way short of GDPR. In fact, considering that Privacy by Design was invented in Canada and that many of the world’s leading privacy experts are Canadian, it is quite surprising how far short it falls. There are voluntary standards in Canada, and indeed some Canadian companies set the highest of examples in their approach over privacy, but there is a question markover Canadian privacy regulation being sufficient. But PIPEDA is being amended later this year.

South Africa has its POPI (South Africa’s Protection of Personal Information Act). New Zealand and Australia may be moving towards European style regulation.

Maybe though, not enough dominos have yet fallen to say that the human right to privacy is winning the global battle.

Search

Loading, Please Wait!

GDPR Associates - Our cookie policy

This web site complies with the UK Privacy and Electronic Communications Regulations and the UK DPA 2018 in its understanding of consent as it applies to the regulations. We only deploy by default essential cookies, we list and give you the user the option to opt into cookie deployment for other categories of cookies if you expand the 'Cookie settings' link. By clicking the 'Accept cookie settings' button you agree to the default privacy settings of only essential cookies, if you select do not deploy any cookies then none will be deployed. Your settings and options can only be remembered with the minimum essential cookies deployed.

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Analytics'.

cookielawinfo-checkbox-marketing

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Marketing'.

cookielawinfo-checkbox-necessary

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Necessary'.

cookielawinfo-checkbox-performance

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Performance'.

cookielawinfo-checkbox-preferences

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Preferences'.

JSESSIONID

Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.

PHPSESSID

This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.

viewed_cookie_policy

The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.

lidc

This cookie is set by LinkedIn and used for routing.

NID

This cookie is used to a profile based on user's interest and display personalized ads to the users.

VISITOR_INFO1_LIVE

This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location

pardot

The cookie is set when the visitor is logged in as a Pardot user.

_ga

This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.

_gat

This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.

_gid

This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.

__cfduid

The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

Windows Azure Web Sites, by default, use an ARRAffinity cookie to ensure subsequent requests from a user are routed back to the web site instance that the user initially connected to. In other words, Windows Azure Web Sites assumes that a web site is not stateless

OptanonConsent

This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.

YSC

This cookies is set by Youtube and is used to track the views of embedded videos.